RE: Log4j Vunrability
Hi All , According to latest mitigation plan from Log4J - (https://logging.apache.org/log4j/2.x/security.html) Java 8 (or later) users should upgrade to release 2.16.0. However NIFI community discussion ( https://www.mail-archive.com/issues@nifi.apache.org/msg126427.html ) Following NIFI-9283, upgrade Log4j to 2.15.0 wherever possible. Can you please clarify further ? Thanks & Regards, Ganesh.B -Original Message- From: Joe Witt Sent: Tuesday, December 14, 2021 10:16 PM To: dev@nifi.apache.org Subject: Re: Log4j Vunrability Bcc'ing you Martin Yes of course we're very in tuned to what is happening. The convenience binary we sent doesn't contain log4j impacted libs. But some of the nars we publish that people can use do. We also do not use log4j directly as we use slf4j. But we're not certain that every possible avenue of this is shut down so we're treating this as if we must replace it entirely. To that end we are releasing Apache NiFi 1.15.1 and doing so in urgent timeline. There have been issues with the release process presumably due to Apache being under so much load. But we're on it. Hopefully vote today/release up/available tomorrow. TBD Thanks On Tue, Dec 14, 2021 at 9:40 AM Haris Javaid wrote: > > Hi there, > I am sure you guys are aware of the recently found log4j > vulnerability. I am curious to know if its required for us Nifi users > to take some action. Please let me know > > Thanks, > H
RE: Nifi 1.14 user authentication using openId connect not working
Hi , Currently we have blocked due to this .. could you please help us to resolve the below issue . From: Ganesh, B (Nokia - IN/Bangalore) Sent: Wednesday, December 8, 2021 4:24 PM To: us...@nifi.apache.org; dev@nifi.apache.org Subject: Nifi 1.14 user authentication using openId connect not working Hi , We are using apache nifi 1.14 . We have 3 nodes in nifi cluster , cluster is using external zookeeper for state management. We are using openId connect for the user authentication . following are the relevant configuration in nifi.properties file . nifi.security.user.authorizer=managed-authorizer nifi.security.allow.anonymous.authentication=false nifi.security.user.login.identity.provider= . ... # OpenId Connect SSO Properties # nifi.security.user.oidc.discovery.url=https:///access/realms/nifi/.well-known/openid-configuration nifi.security.user.oidc.connect.timeout=5 secs nifi.security.user.oidc.read.timeout=5 secs nifi.security.user.oidc.client.id=nifi-client nifi.security.user.oidc.client.secret= nifi.security.user.oidc.preferred.jwsalgorithm=RS256 But we are observing org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration': Unsatisfied dependency expressed through method 'setFilterChainProxySecurityConfigurer' parameter 1; nested exception is org.springframework.beans.factory.BeanExpressionException: Expression parsing failed; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'org.apache.nifi.web.NiFiWebApiSecurityConfiguration': Unsatisfied dependency expressed through method 'setJwtAuthenticationProvider' parameter 0; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'jwtAuthenticationProvider' defined in class path resource [nifi-web-security-context.xml]: Cannot resolve reference to bean 'authorizer' while setting constructor argument; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'authorizer': FactoryBean threw exception on object creation; nested exception is java.lang.reflect.InvocationTargetException at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredMethodElement.resolveMethodArguments(AutowiredAnnotationBeanPostProcessor.java:768) at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredMethodElement.inject(AutowiredAnnotationBeanPostProcessor.java:720) at org.springframework.beans.factory.annotation.InjectionMetadata.inject(InjectionMetadata.java:119) at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.postProcessProperties(AutowiredAnnotationBeanPostProcessor.java:399) at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1413) at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:601) at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:524) at org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:335) at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:234) at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:333) at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:208) at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:944) at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:918) at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:583) at org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:401) at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:292) at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:103) at org.eclipse.jetty.server.handler.ContextHandler.callContextInitialized(ContextHandler.java:1068) at org.eclipse.jetty.servlet.ServletContextHandler.callContextInitialized(ServletContextHandler.java:572) at org.eclipse.jetty.server.handler
Nifi 1.14 user authentication using openId connect not working
Hi , We are using apache nifi 1.14 . We have 3 nodes in nifi cluster , cluster is using external zookeeper for state management. We are using openId connect for the user authentication . following are the relevant configuration in nifi.properties file . nifi.security.user.authorizer=managed-authorizer nifi.security.allow.anonymous.authentication=false nifi.security.user.login.identity.provider= . ... # OpenId Connect SSO Properties # nifi.security.user.oidc.discovery.url=https:///access/realms/nifi/.well-known/openid-configuration nifi.security.user.oidc.connect.timeout=5 secs nifi.security.user.oidc.read.timeout=5 secs nifi.security.user.oidc.client.id=nifi-client nifi.security.user.oidc.client.secret= nifi.security.user.oidc.preferred.jwsalgorithm=RS256 But we are observing org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration': Unsatisfied dependency expressed through method 'setFilterChainProxySecurityConfigurer' parameter 1; nested exception is org.springframework.beans.factory.BeanExpressionException: Expression parsing failed; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'org.apache.nifi.web.NiFiWebApiSecurityConfiguration': Unsatisfied dependency expressed through method 'setJwtAuthenticationProvider' parameter 0; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'jwtAuthenticationProvider' defined in class path resource [nifi-web-security-context.xml]: Cannot resolve reference to bean 'authorizer' while setting constructor argument; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'authorizer': FactoryBean threw exception on object creation; nested exception is java.lang.reflect.InvocationTargetException at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredMethodElement.resolveMethodArguments(AutowiredAnnotationBeanPostProcessor.java:768) at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredMethodElement.inject(AutowiredAnnotationBeanPostProcessor.java:720) at org.springframework.beans.factory.annotation.InjectionMetadata.inject(InjectionMetadata.java:119) at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.postProcessProperties(AutowiredAnnotationBeanPostProcessor.java:399) at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1413) at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:601) at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:524) at org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:335) at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:234) at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:333) at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:208) at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:944) at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:918) at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:583) at org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:401) at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:292) at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:103) at org.eclipse.jetty.server.handler.ContextHandler.callContextInitialized(ContextHandler.java:1068) at org.eclipse.jetty.servlet.ServletContextHandler.callContextInitialized(ServletContextHandler.java:572) at org.eclipse.jetty.server.handler.ContextHandler.contextInitialized(ContextHandler.java:997) at org.eclipse.jetty.servlet.ServletHandler.initialize(ServletHandler.java:746) at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:379) at org.eclipse.jetty.webapp.WebAppContext.startWebapp(WebAppContext.java:1449) at org.eclipse.jetty.webapp.WebAppContext.startContext(WebAppContext
Nifi 1.14 single user Identity login is not working in cluster mode
Hi ,
We are using apache nifi 1.14 . For user authentication we are using
single-user-identity . we have also enabled
nifi.security.allow.anonymous.authentication=true.
We have 3 nodes in nifi cluster , cluster is using external zookeeper for state
management . we have provided same password to all the 3 nodes using
./bin/nifi.sh set-single-user-credentials .
When we are trying to login to nifi GUI we are observing the below error.
.svc.cluster.local, OU=NIFI>) GET
https://nifit1-nifi-2.nifit1-nifi-headless.nifi.svc.cluster.local:9443/nifi-api/flow/current-user
(source ip: 192.168.1.15)"
{"type":"log", "host":"bcmt-vm-cnfi-4396-worker-01", "level":"INFO",
"neid":"857fb9e4799f481da83e8286c07a8098", "system":"nifit1-nifi-2",
"time":"2021-12-08T0UTC", "log":"[NiFi Web Server-25]
o.a.n.w.s.NiFiAuthenticationFilter Authentication success for anonymous"}
{"type":"log", "host":"bcmt-vm-cnfi-4396-worker-01", "level":"ERROR",
"neid":"857fb9e4799f481da83e8286c07a8098", "system":"nifit1-nifi-2",
"time":"2021-12-08T"UTC", "log":"[NiFi Web Server-27]
o.a.nifi.web.security.jwt.JwtService There was an error validating the JWT"}
{"type":"log", "host":"bcmt-vm-cnfi-4396-worker-01", "level":"ERROR",
"neid":"857fb9e4799f481da83e8286c07a8098", "system":"nifit1-nifi-2",
"time":"2021-12-08T"UTC", "log":"[NiFi Web Server-27]
o.a.nifi.web.security.jwt.JwtService Unable to validate the access token.
Caused by: Unable to determine signing key for admin [kid: 1]"}
Can you please help us to resolve this issue ?
Thanks & Regards,
Ganesh.B
Nifi 1.14 single user Identity login is not working in cluster mode
Hi ,
We are using apache nifi 1.14 . For user authentication we are using
single-user-identity . we have also enabled
nifi.security.allow.anonymous.authentication=true.
We have 3 nodes in nifi cluster , cluster is using external zookeeper for state
management . we have provided same password to all the 3 nodes using
./bin/nifi.sh set-single-user-credentials .
When we are trying to login to nifi GUI we are observing the below error.
.svc.cluster.local, OU=NIFI>) GET
https://nifit1-nifi-2.nifit1-nifi-headless.nifi.svc.cluster.local:9443/nifi-api/flow/current-user
(source ip: 192.168.1.15)"
{"type":"log", "host":"bcmt-vm-cnfi-4396-worker-01", "level":"INFO",
"neid":"857fb9e4799f481da83e8286c07a8098", "system":"nifit1-nifi-2",
"time":"2021-12-08T0UTC", "log":"[NiFi Web Server-25]
o.a.n.w.s.NiFiAuthenticationFilter Authentication success for anonymous"}
{"type":"log", "host":"bcmt-vm-cnfi-4396-worker-01", "level":"ERROR",
"neid":"857fb9e4799f481da83e8286c07a8098", "system":"nifit1-nifi-2",
"time":"2021-12-08T"UTC", "log":"[NiFi Web Server-27]
o.a.nifi.web.security.jwt.JwtService There was an error validating the JWT"}
{"type":"log", "host":"bcmt-vm-cnfi-4396-worker-01", "level":"ERROR",
"neid":"857fb9e4799f481da83e8286c07a8098", "system":"nifit1-nifi-2",
"time":"2021-12-08T"UTC", "log":"[NiFi Web Server-27]
o.a.nifi.web.security.jwt.JwtService Unable to validate the access token.
Caused by: Unable to determine signing key for admin [kid: 1]"}
Can you please help us to resolve this issue ?
Thanks & Regards,
Ganesh.B
websocket reconnection issue !!
Hi , I am using Nifi as websocket client and while doing reconnecting to server we are observing below error . java.util.concurrent.ExecutionException: org.eclipse.jetty.websocket.api.UpgradeException: 401 Unauthorized: "} could you please help us the reason behind this upgradeException ? Thanks & Regards, Ganesh.B
Issue connecting with nifi in cluster mode with Istio
Hi , We are doing Nifi configuration changes for the istio . While installing nifi in cluster mode we are seeing the nifi nodes are not connected to cluster due to cluster coordination failed . The question is If someone tried with nifi using Istio configuration could you please guide us the properties needs to be configured from nifi side ? Thanks & Regards, Ganesh.B
urgent Info required on configure Maximum Timer Driven Thread Count
Hi , The default of Maximum Timer Driven Thread Count is set to 10 , I could not find the place or file which we are using that value 10 . Could ypu please help me to get that default configuration setting ? Thanks & Regards, Ganesh.B [cid:image001.jpg@01D6C8A5.D97F0E70]
RE: ListSftp/ListFtp Enhancements
Adding the option to get newest files first or oldest files first ?
Thanks & Regards,
Ganesh.B
-Original Message-
From: Bryan Bende
Sent: Wednesday, November 18, 2020 10:26 PM
To: dev@nifi.apache.org
Subject: Re: ListSftp/ListFtp Enhancements
Regarding adding support for expression language...
You could use parameter contexts instead of variables, all properties can
reference parameters by default so no need to update property descriptors, just
set to #{SearchRecursively} to reference the parameter.
In my opinion this would be better than removing the use of allowableValues on
the Search Recursively just to support expression language.
Parameters are introduced in nifi 1.10.0.
On Tue, Nov 17, 2020 at 11:32 PM Ganesh, B (Nokia - IN/Bangalore)
wrote:
>
> We have below requirement to implement in apache Nifi , could you please let
> me know your view .
>
>
> 1. CNFI ListSFTP/ListFTP does not have an option to choose which
> files to list first (older/newer) In NIFI, ListSFTP/ListFTP processors
> supporting an option to choose which files to list first (older/newer) And
> also this new field should support NiFi Expression Language.
> Use case is the following:
> We have a flow that is listing and fetching files from an external
> environment that can have thousands of files to be collected. There is a need
> to choose (depending on the environment) if we want to collect older files
> first or newer files first.
> We have a process group that we instance with a few set of variables
> via API, and one of them should be this Transfer New Files First (variable
> TransferNewFilesFirst) With the proposed feature, the ListSFTP/ListFTP
> processors would have this new field and inherit the variable e.g.
> ${TransferNewFilesFirst} and use it for listing.
> Solution:
> Added new property descriptor - "Transfer New Files First" in the
> ListSFTP/FTP processor. If true - then list the latest files first, else -
> list the latest files at the end. And also supports expression language
> (AbstractListProcessor.java) and added the same property in the ListSFTP.java
> and ListFTP.java files.
> // new property descriptor
> public static final PropertyDescriptor TRANSFER_NEW_FILES_FIRST = new
> PropertyDescriptor.Builder()
> .name("transfer-new-files-first")
> .displayName("Transfer New Files First")
> .description("If true, will list the newest resource first")
> .required(true)
> .addValidator(StandardValidators.BOOLEAN_VALIDATOR)
>
> .expressionLanguageSupported(ExpressionLanguageScope.VARIABLE_REGISTRY)
> .defaultValue("true")
> .build();
>
> // to list the files in ascending or descending order final boolean
> fileOrderController =
> context.getProperty(TRANSFER_NEW_FILES_FIRST).evaluateAttributeExpressions().asBoolean();
> for (Long timestamp :
> (fileOrderController?orderedEntries.descendingKeySet():orderedEntries.keySet()))
> {
> List entities = orderedEntries.get(timestamp);
> if
> (timestamp.equals(lastProcessedLatestEntryTimestampMillis)) {
>// Filter out previously processed entities.
>entities = entities.stream().filter(entity ->
> !latestIdentifiersProcessed.contains(entity.getIdentifier())).collect(Collectors.toList());
> }
>
> for (T entity : entities) {
> // Create the FlowFile for this path.
> final Map attributes =
> createAttributes(entity, context);
> FlowFile flowFile = session.create();
> flowFile = session.putAllAttributes(flowFile,
> attributes);
> session.transfer(flowFile, REL_SUCCESS);
> flowfilesCreated++;
> }
> }
> }
>
> 2. CNFI ListSFTP/ListFTP does not support Express Language for Search
> Recursively field In NIFI, ListSFTP/ListFTP processors supporting the
> NiFi Expression Language for the Search Recursively field Use case is the
> following:
> We have a process group that we instance with a few set of variables
> via API, and one of them is the Search Recursively (variable
> SearchRecursively) With the proposed feature, the ListSFTP/ListFTP processors
> would inherit the variable e.g. ${SearchRecursively} and use it for listing.
> Having the feature would allow to instance the process group with the
> required variables from the get-go without further reconfigurations, thus
> making it a bit more reusable.
> Solution:
> Added &quo
ListSftp/ListFtp Enhancements
We have below requirement to implement in apache Nifi , could you please let me
know your view .
1. CNFI ListSFTP/ListFTP does not have an option to choose which files to
list first (older/newer)
In NIFI, ListSFTP/ListFTP processors supporting an option to choose which files
to list first (older/newer) And also this new field should support NiFi
Expression Language.
Use case is the following:
We have a flow that is listing and fetching files from an external environment
that can have thousands of files to be collected. There is a need to choose
(depending on the environment) if we want to collect older files first or newer
files first.
We have a process group that we instance with a few set of variables via API,
and one of them should be this Transfer New Files First (variable
TransferNewFilesFirst)
With the proposed feature, the ListSFTP/ListFTP processors would have this new
field and inherit the variable e.g. ${TransferNewFilesFirst} and use it for
listing.
Solution:
Added new property descriptor - "Transfer New Files First" in the ListSFTP/FTP
processor. If true - then list the latest files first, else - list the latest
files at the end. And also supports expression language
(AbstractListProcessor.java) and added the same property in the ListSFTP.java
and ListFTP.java files.
// new property descriptor
public static final PropertyDescriptor TRANSFER_NEW_FILES_FIRST = new
PropertyDescriptor.Builder()
.name("transfer-new-files-first")
.displayName("Transfer New Files First")
.description("If true, will list the newest resource first")
.required(true)
.addValidator(StandardValidators.BOOLEAN_VALIDATOR)
.expressionLanguageSupported(ExpressionLanguageScope.VARIABLE_REGISTRY)
.defaultValue("true")
.build();
// to list the files in ascending or descending order
final boolean fileOrderController =
context.getProperty(TRANSFER_NEW_FILES_FIRST).evaluateAttributeExpressions().asBoolean();
for (Long timestamp :
(fileOrderController?orderedEntries.descendingKeySet():orderedEntries.keySet()))
{
List entities = orderedEntries.get(timestamp);
if
(timestamp.equals(lastProcessedLatestEntryTimestampMillis)) {
// Filter out previously processed entities.
entities = entities.stream().filter(entity ->
!latestIdentifiersProcessed.contains(entity.getIdentifier())).collect(Collectors.toList());
}
for (T entity : entities) {
// Create the FlowFile for this path.
final Map attributes =
createAttributes(entity, context);
FlowFile flowFile = session.create();
flowFile = session.putAllAttributes(flowFile,
attributes);
session.transfer(flowFile, REL_SUCCESS);
flowfilesCreated++;
}
}
}
2. CNFI ListSFTP/ListFTP does not support Express Language for Search
Recursively field
In NIFI, ListSFTP/ListFTP processors supporting the NiFi Expression Language
for the Search Recursively field
Use case is the following:
We have a process group that we instance with a few set of variables via API,
and one of them is the Search Recursively (variable SearchRecursively)
With the proposed feature, the ListSFTP/ListFTP processors would inherit the
variable e.g. ${SearchRecursively} and use it for listing.
Having the feature would allow to instance the process group with the required
variables from the get-go without further reconfigurations, thus making it a
bit more reusable.
Solution:
Added "BOOLEAN_VALIDATOR" and "ExpressionLanguageScope" in the "Search
Recursively" property. (FileTransfer.java, ListFile.java, FTPTransfer.java,
SFTPTransfer.java)
public static final PropertyDescriptor RECURSIVE_SEARCH = new
PropertyDescriptor.Builder()
.name("Search Recursively")
.description("If true, will pull files from arbitrarily nested
subdirectories; otherwise, will not traverse subdirectories")
.required(true)
.addValidator(StandardValidators.BOOLEAN_VALIDATOR)
.expressionLanguageSupported(ExpressionLanguageScope.VARIABLE_REGISTRY)
.build();
Thanks & Regards,
Ganesh.B
RE: Info required for IMAP proxy configuration
Hi , Can some one please help me for the below . We are trying to connect to "outlook.office365.com " with the ConsumeIMAP processor . If we need to add proxy can you guide us how to add ? Thanks & Regards, Ganesh.B From: Ganesh, B (Nokia - IN/Bangalore) Sent: Friday, October 16, 2020 11:08 AM To: dev@nifi.apache.org Subject: Info required for IMAP proxy configuration Hi , Can you help us to Configure nifi to use proxy for internet connection for ConsumeIMAP . Thanks & Regards, Ganesh.B
Info required for IMAP proxy configuration
Hi , Can you help us to Configure nifi to use proxy for internet connection for ConsumeIMAP . Thanks & Regards, Ganesh.B
Info required for service upgrade
Hi , We have requirement to upgrade version of Nifi-cluster without incurring service downtime or without affecting data-loss. For that, is it necessary to suspend the current template running in Nifi before start of the version upgrade activity? If yes, whether there is any programmatic way (i.e. through REST call or some other java API based mechanism) to suspend and resume the complete template running in Nifi? If your answer is no to the former question, can you please point us to the relevant design documentation in Nifi internal which enables this nice functionality i.e. version upgrade possibility without service downtime and data loss in Nifi-cluster. Thanks & Regards, Ganesh.B
RE: secure Nifi with ingress configuration
Hi ,
Could you please help me to unblock .
Thanks & Regards,
Ganesh.B
-Original Message-
From: Ganesh, B (Nokia - IN/Bangalore)
Sent: Friday, June 12, 2020 11:05 AM
To: dev@nifi.apache.org
Subject: secure Nifi with ingress configuration
Hi ,
I am trying to configure secured nifi with ingress , I have not succeed could
you please help me to correct the configuration please .
Installed citm-ingress and then flowed procedure
Created the secret by using .pem file generated by below procedure and created
k8s secret
• openssl pkcs12 -in CN=admin_OU=NIFI.p12 -passin
pass:uva1qK6Rlgw3wSM8dP344oMr5DzjET9Sjpj6TSkcpTU -out test.pem
• openssl x509 -in test.pem -out test.crt
• openssl rsa -in test.pem -out test.key
• kubectl create secret generic ingress-tls-certificate
--from-file=tls.crt=test.crt --from-file=tls.key=test.key
ingress.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: "{{ template "nifi.fullname" . }}-gui-ingress"
annotations:
nginx.ingress.kubernetes.io/proxy-redirect: "default"
nginx.ingress.kubernetes.io/rewrite-target: /$2
nginx.ingress.kubernetes.io/secure-backends: "true"
nginx.ingress.kubernetes.io/ssl-passthrough: "false"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
ingress.citm.nokia.com/sticky-route-services:
"$cookie_JSESSIONID|JSESSIONID ip_cookie"
nginx.ingress.kubernetes.io/configuration-snippet: "set_cookie_flag *
secure;"
nginx.ingress.kubernetes.io/proxy-body-size: "1m"
labels:
chart: {{ .Chart.Name }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
spec:
rules:
- http:
paths:
- backend:
serviceName: {{ template "nifi.fullname" . }}-gui-ingress
servicePort: 9443
path: /test(/|$)(.*)
tls:
- secretName: ingress-tls-certificate
Thanks & Regards,
Ganesh.B
secure Nifi with ingress configuration
Hi ,
I am trying to configure secured nifi with ingress , I have not succeed could
you please help me to correct the configuration please .
Installed citm-ingress and then flowed procedure
Created the secret by using .pem file generated by below procedure and created
k8s secret
• openssl pkcs12 -in CN=admin_OU=NIFI.p12 -passin
pass:uva1qK6Rlgw3wSM8dP344oMr5DzjET9Sjpj6TSkcpTU -out test.pem
• openssl x509 -in test.pem -out test.crt
• openssl rsa -in test.pem -out test.key
• kubectl create secret generic ingress-tls-certificate
--from-file=tls.crt=test.crt --from-file=tls.key=test.key
ingress.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: "{{ template "nifi.fullname" . }}-gui-ingress"
annotations:
nginx.ingress.kubernetes.io/proxy-redirect: "default"
nginx.ingress.kubernetes.io/rewrite-target: /$2
nginx.ingress.kubernetes.io/secure-backends: "true"
nginx.ingress.kubernetes.io/ssl-passthrough: "false"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
ingress.citm.nokia.com/sticky-route-services:
"$cookie_JSESSIONID|JSESSIONID ip_cookie"
nginx.ingress.kubernetes.io/configuration-snippet: "set_cookie_flag *
secure;"
nginx.ingress.kubernetes.io/proxy-body-size: "1m"
labels:
chart: {{ .Chart.Name }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
spec:
rules:
- http:
paths:
- backend:
serviceName: {{ template "nifi.fullname" . }}-gui-ingress
servicePort: 9443
path: /test(/|$)(.*)
tls:
- secretName: ingress-tls-certificate
Thanks & Regards,
Ganesh.B
RE: Nifi context path
Hi , Can anyone respond please ? Thanks & Regards, Ganesh.B From: Ganesh, B (Nokia - IN/Bangalore) Sent: Tuesday, May 26, 2020 10:18 AM To: 'dev@nifi.apache.org' Subject: Nifi context path Hi , I am accessing the nifi UI with http://localhost:8080/nifi in my VM or windows machine . I want to configure Nifi to access with our own context path i.e http://localhost:8080/ I tried configuring the nifi properties like below . nifi.web.proxy.context.path="/ " nifi.web.proxy.host=localhost:8080 For one of the requirement we need to change the config path form "/nifi" to "/" to access nifi with " http://localhost:8080/ " could anyone help me to do the same or the possibility to do . Thanks & Regards, Ganesh.B
Nifi context path
Hi , I am accessing the nifi UI with http://localhost:8080/nifi in my VM or windows machine . I want to configure Nifi to access with our own context path i.e http://localhost:8080/ I tried configuring the nifi properties like below . nifi.web.proxy.context.path="/ " nifi.web.proxy.host=localhost:8080 For one of the requirement we need to change the config path form "/nifi" to "/" to access nifi with " http://localhost:8080/ " could anyone help me to do the same or the possibility to do . Thanks & Regards, Ganesh.B
RE: Nifi with kerberos(kdc) is not working in Nifi 1.11.4
Hi , Thanks for the info , issue is resolved after changing default_releam param in login-identity-providers.xml . Thanks & Regards, Ganesh.B -Original Message- From: Bryan Bende Sent: Friday, April 17, 2020 11:21 PM To: dev@nifi.apache.org Subject: Re: Nifi with kerberos(kdc) is not working in Nifi 1.11.4 In versions prior to 1.10.0, the Default Realm was never used and that was fixed with this JIRA [1]. So if it was working for you before 1.9.2, that means it was working without a Default Realm, so you should probably remove the NIFI.COM from Default Realm. [1] https://issues.apache.org/jira/browse/NIFI-6224 On Fri, Apr 17, 2020 at 1:48 PM Ganesh, B (Nokia - IN/Bangalore) < b.gan...@nokia.com> wrote: > Hi , > > In the file login-identity-providers.xml configuration is mentioned > below , but in case of Nifi 1.9.2 also it is configured as same . > > > kerberos-provider > org.apache.nifi.kerberos.KerberosProvider > NIFI.COM > 12 hours > > > > And below is the complete back trace of the issue . > > er java.lang.IllegalArgumentException: The supplied username and > password are not valid.}. Returning Bad Request} response."} > java.lang.IllegalArgumentException: The supplied username and password > are not valid. > at > org.apache.nifi.web.api.AccessResource.createAccessToken(AccessResource.java:735) > at > java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native > Method) > at > java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) > at > java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > at java.base/java.lang.reflect.Method.invoke(Method.java:566) > at > org.glassfish.jersey.server.model.internal.ResourceMethodInvocationHandlerFactory.lambda$static$0(ResourceMethodInvocationHandlerFactory.java:76) > at > org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher$1.run(AbstractJavaResourceMethodDispatcher.java:148) > at > org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.invoke(AbstractJavaResourceMethodDispatcher.java:191) > at > org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$ResponseOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:200) > at > at > org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:263) > at > org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1610) > at > org.apache.nifi.web.filter.TimerFilter.doFilter(TimerFilter.java:51) > at > org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletH > andler.java:1610) > > at java.base/java.lang.Thread.run(Thread.java:834) > Caused by: > org.apache.nifi.authentication.exception.InvalidLoginCredentialsException: > Kerberos authentication failed > at > org.apache.nifi.kerberos.KerberosProvider.authenticate(KerberosProvider.java:125) > at > org.apache.nifi.web.security.spring.LoginIdentityProviderFactoryBean$1.authenticate(LoginIdentityProviderFactoryBean.java:315) > at > org.apache.nifi.web.api.AccessResource.createAccessToken(AccessResource.java:729) > ... 84 common frames omitted > Caused by: > org.springframework.security.authentication.BadCredentialsException: > Kerberos authentication failed > at > org.springframework.security.kerberos.authentication.sun.SunJaasKerberosClient.login(SunJaasKerberosClient.java:66) > at > org.springframework.security.kerberos.authentication.KerberosAuthenticationProvider.authenticate(KerberosAuthenticationProvider.java:40) > at > org.apache.nifi.kerberos.KerberosProvider.authenticate(KerberosProvider.java:117) > ... 86 common frames omitted > Caused by: javax.security.auth.login.LoginException: Cannot locate KDC > at > jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:782) > at > jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:592) > at > java.base/javax.security.auth.login.LoginContext.invoke(LoginContext.java:726) > at > java.base/javax.security.auth.login.LoginContext$4.run(LoginContext.java:665) > at > java.base/javax.security.auth.login.LoginContext$4.run(LoginContext.java:663) > at > java.base/java.security.AccessController.doPrivileged(Native > Method) > at > java.base/javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:663) >
RE: Nifi with kerberos(kdc) is not working in Nifi 1.11.4
Hi , Thanks a lot , I will test and post the result . Thanks & Regards, Ganesh.B -Original Message- From: Bryan Bende Sent: Friday, April 17, 2020 11:21 PM To: dev@nifi.apache.org Subject: Re: Nifi with kerberos(kdc) is not working in Nifi 1.11.4 In versions prior to 1.10.0, the Default Realm was never used and that was fixed with this JIRA [1]. So if it was working for you before 1.9.2, that means it was working without a Default Realm, so you should probably remove the NIFI.COM from Default Realm. [1] https://issues.apache.org/jira/browse/NIFI-6224 On Fri, Apr 17, 2020 at 1:48 PM Ganesh, B (Nokia - IN/Bangalore) < b.gan...@nokia.com> wrote: > Hi , > > In the file login-identity-providers.xml configuration is mentioned > below , but in case of Nifi 1.9.2 also it is configured as same . > > > kerberos-provider > org.apache.nifi.kerberos.KerberosProvider > NIFI.COM > 12 hours > > > > And below is the complete back trace of the issue . > > er java.lang.IllegalArgumentException: The supplied username and > password are not valid.}. Returning Bad Request} response."} > java.lang.IllegalArgumentException: The supplied username and password > are not valid. > at > org.apache.nifi.web.api.AccessResource.createAccessToken(AccessResource.java:735) > at > java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native > Method) > at > java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) > at > java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > at java.base/java.lang.reflect.Method.invoke(Method.java:566) > at > org.glassfish.jersey.server.model.internal.ResourceMethodInvocationHandlerFactory.lambda$static$0(ResourceMethodInvocationHandlerFactory.java:76) > at > org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher$1.run(AbstractJavaResourceMethodDispatcher.java:148) > at > org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.invoke(AbstractJavaResourceMethodDispatcher.java:191) > at > org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$ResponseOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:200) > at > at > org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:263) > at > org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1610) > at > org.apache.nifi.web.filter.TimerFilter.doFilter(TimerFilter.java:51) > at > org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletH > andler.java:1610) > > at java.base/java.lang.Thread.run(Thread.java:834) > Caused by: > org.apache.nifi.authentication.exception.InvalidLoginCredentialsException: > Kerberos authentication failed > at > org.apache.nifi.kerberos.KerberosProvider.authenticate(KerberosProvider.java:125) > at > org.apache.nifi.web.security.spring.LoginIdentityProviderFactoryBean$1.authenticate(LoginIdentityProviderFactoryBean.java:315) > at > org.apache.nifi.web.api.AccessResource.createAccessToken(AccessResource.java:729) > ... 84 common frames omitted > Caused by: > org.springframework.security.authentication.BadCredentialsException: > Kerberos authentication failed > at > org.springframework.security.kerberos.authentication.sun.SunJaasKerberosClient.login(SunJaasKerberosClient.java:66) > at > org.springframework.security.kerberos.authentication.KerberosAuthenticationProvider.authenticate(KerberosAuthenticationProvider.java:40) > at > org.apache.nifi.kerberos.KerberosProvider.authenticate(KerberosProvider.java:117) > ... 86 common frames omitted > Caused by: javax.security.auth.login.LoginException: Cannot locate KDC > at > jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:782) > at > jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:592) > at > java.base/javax.security.auth.login.LoginContext.invoke(LoginContext.java:726) > at > java.base/javax.security.auth.login.LoginContext$4.run(LoginContext.java:665) > at > java.base/javax.security.auth.login.LoginContext$4.run(LoginContext.java:663) > at > java.base/java.security.AccessController.doPrivileged(Native > Method) > at > java.base/javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:663) > at > java.base/javax.security.auth.login.LoginContex
RE: Nifi with kerberos(kdc) is not working in Nifi 1.11.4
at java.security.jgss/sun.security.krb5.Config.getKDCList(Config.java:1232) ... 101 common frames omitted Thanks & Regards, Ganesh.B -Original Message- From: Bryan Bende Sent: Friday, April 17, 2020 8:53 PM To: dev@nifi.apache.org Subject: Re: Nifi with kerberos(kdc) is not working in Nifi 1.11.4 Check your Default Realm in login-identity-providers.xml On Fri, Apr 17, 2020 at 11:05 AM Shawn Weeks wrote: > For some reason NiFi is trying to use the realm NIFI.COM. I'd search > through your config files and your Kerberos Credential Service and see > where that's coming from. > > Thanks > > On 4/17/20, 7:49 AM, "Ganesh, B (Nokia - IN/Bangalore)" < > b.gan...@nokia.com> wrote: > > Hi , > > no , > default_realm = NOKIA.COM > > > > -Original Message- > From: Shawn Weeks > Sent: Friday, April 17, 2020 5:43 PM > To: dev@nifi.apache.org > Subject: Re: Nifi with kerberos(kdc) is not working in Nifi 1.11.4 > > Can you verify that your KDC Realm is really NIFI.COM and that > it's defined in /etc/krb5.conf? > > Thanks > Shawn > > On 4/17/20, 5:14 AM, "Ganesh, B (Nokia - IN/Bangalore)" < > b.gan...@nokia.com> wrote: > > Hi , > > I am facing issue with Nifi 1.11.4 in Kerberos mode , > whereas nifi 1.9.2 not seeing this issue . > I am using kdc version as 2.2.5 > > Can anybody help me on this ? > > REST call to > 'https://10.75.156.102:30088/nifi-api/flow/client-id > is failed with below error > > java.lang.IllegalArgumentException: The supplied username and > password are not valid.}. Returning Bad Request} response."} > java.lang.IllegalArgumentException: The supplied username and > password are not valid. > at > org.apache.nifi.web.api.AccessResource.createAccessToken(AccessResource.java:735) > at > java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native > Method) > at java.base/java.lang.Thread.run(Thread.java:834) > Caused by: > org.apache.nifi.authentication.exception.InvalidLoginCredentialsException: > Kerberos authentication failed > ... 84 common frames omitted > Caused by: > org.springframework.security.authentication.BadCredentialsException: > Kerberos authentication failed > at > org.springframework.security.kerberos.authentication.sun.SunJaasKerberosClient.login(SunJaasKerberosClient.java:66) > ... 86 common frames omitted > Caused by: javax.security.auth.login.LoginException: Cannot > locate KDC > at > jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:782) > .java:59) > ... 88 common frames omitted > Caused by: sun.security.krb5.KrbException: Cannot locate KDC > at > java.security.jgss/sun.security.krb5.Config.getKDCList(Config.java:125 > 9) > > at > jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:744) > ... 96 common frames omitted > Caused by: sun.security.krb5.KrbException: Generic error > (description in e-text) (60) - Unable to locate KDC for realm NIFI.COM > at > java.security.jgss/sun.security.krb5.Config.getKDCFromDNS(Config.java:1356) > at > java.security.jgss/sun.security.krb5.Config.getKDCList(Config.java:1232) > ... 101 common frames omitted > > > > > > > >
RE: Nifi with kerberos(kdc) is not working in Nifi 1.11.4
Hi , no , default_realm = NOKIA.COM -Original Message- From: Shawn Weeks Sent: Friday, April 17, 2020 5:43 PM To: dev@nifi.apache.org Subject: Re: Nifi with kerberos(kdc) is not working in Nifi 1.11.4 Can you verify that your KDC Realm is really NIFI.COM and that it's defined in /etc/krb5.conf? Thanks Shawn On 4/17/20, 5:14 AM, "Ganesh, B (Nokia - IN/Bangalore)" wrote: Hi , I am facing issue with Nifi 1.11.4 in Kerberos mode , whereas nifi 1.9.2 not seeing this issue . I am using kdc version as 2.2.5 Can anybody help me on this ? REST call to 'https://10.75.156.102:30088/nifi-api/flow/client-id is failed with below error java.lang.IllegalArgumentException: The supplied username and password are not valid.}. Returning Bad Request} response."} java.lang.IllegalArgumentException: The supplied username and password are not valid. at org.apache.nifi.web.api.AccessResource.createAccessToken(AccessResource.java:735) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at java.base/java.lang.Thread.run(Thread.java:834) Caused by: org.apache.nifi.authentication.exception.InvalidLoginCredentialsException: Kerberos authentication failed ... 84 common frames omitted Caused by: org.springframework.security.authentication.BadCredentialsException: Kerberos authentication failed at org.springframework.security.kerberos.authentication.sun.SunJaasKerberosClient.login(SunJaasKerberosClient.java:66) ... 86 common frames omitted Caused by: javax.security.auth.login.LoginException: Cannot locate KDC at jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:782) .java:59) ... 88 common frames omitted Caused by: sun.security.krb5.KrbException: Cannot locate KDC at java.security.jgss/sun.security.krb5.Config.getKDCList(Config.java:1259) at jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:744) ... 96 common frames omitted Caused by: sun.security.krb5.KrbException: Generic error (description in e-text) (60) - Unable to locate KDC for realm NIFI.COM at java.security.jgss/sun.security.krb5.Config.getKDCFromDNS(Config.java:1356) at java.security.jgss/sun.security.krb5.Config.getKDCList(Config.java:1232) ... 101 common frames omitted
Nifi with kerberos(kdc) is not working in Nifi 1.11.4
Hi , I am facing issue with Nifi 1.11.4 in Kerberos mode , whereas nifi 1.9.2 not seeing this issue . I am using kdc version as 2.2.5 Can anybody help me on this ? REST call to 'https://10.75.156.102:30088/nifi-api/flow/client-id is failed with below error java.lang.IllegalArgumentException: The supplied username and password are not valid.}. Returning Bad Request} response."} java.lang.IllegalArgumentException: The supplied username and password are not valid. at org.apache.nifi.web.api.AccessResource.createAccessToken(AccessResource.java:735) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at java.base/java.lang.Thread.run(Thread.java:834) Caused by: org.apache.nifi.authentication.exception.InvalidLoginCredentialsException: Kerberos authentication failed ... 84 common frames omitted Caused by: org.springframework.security.authentication.BadCredentialsException: Kerberos authentication failed at org.springframework.security.kerberos.authentication.sun.SunJaasKerberosClient.login(SunJaasKerberosClient.java:66) ... 86 common frames omitted Caused by: javax.security.auth.login.LoginException: Cannot locate KDC at jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:782) .java:59) ... 88 common frames omitted Caused by: sun.security.krb5.KrbException: Cannot locate KDC at java.security.jgss/sun.security.krb5.Config.getKDCList(Config.java:1259) at jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:744) ... 96 common frames omitted Caused by: sun.security.krb5.KrbException: Generic error (description in e-text) (60) - Unable to locate KDC for realm NIFI.COM at java.security.jgss/sun.security.krb5.Config.getKDCFromDNS(Config.java:1356) at java.security.jgss/sun.security.krb5.Config.getKDCList(Config.java:1232) ... 101 common frames omitted
RE: Nifi Database repository backup & restore
Hi Koji , I scenario is like below 1. Install Nifi and run the processor to getHttp CSV ->convert to Json -->put file 2. Take backup of data ( using one of the backup and restore technique) 3. login to the Nifi pod and delete the flow_file_repository & data_base_repository folders . 3. restore the same But Nifi flow is failed to process data . Have you ever tried this scenario ? If you tried please let me know . Thanks & Regards, Ganesh.B -Original Message- From: Koji Kawamura Sent: Friday, October 11, 2019 11:13 AM To: dev Subject: Re: Nifi Database repository backup & restore Hi Ganesh, What did you mean by following statement? Would you elaborate what is expected and how it behaved actually? > Nifi is not processing flow from the point where it got stopped or crashed . Some processor needs "state" get restored in addition to FlowFiles. States are stored in Zookeeper or in local file system. Does your test recover these files, too? Thanks, Koji On Thu, Oct 10, 2019 at 3:10 PM Ganesh, B (Nokia - IN/Bangalore) wrote: > > Hi , > > we are trying to test a disaster recovery with the backup/restore feature. > We could see that the flowfile and database volume are restored but Nifi is > not processing flow from the point where it got stopped or crashed . > > Any one have tested the above scenario ? > > Thanks & Regards, > Ganesh.B
Nifi Database repository backup & restore
Hi , we are trying to test a disaster recovery with the backup/restore feature. We could see that the flowfile and database volume are restored but Nifi is not processing flow from the point where it got stopped or crashed . Any one have tested the above scenario ? Thanks & Regards, Ganesh.B
IPV6 support
Hi , May I know when (which release)is ipv6 support planned for the Nifi . Thanks & Regards Ganesh.B
Apache NiFi contributor access
Hi, I would like to get contributor access to Apache Nifi on JIRA. Can you please add me to contributor list? My username is 'b.ganesh' . Thanks & Regards, Ganesh.B
RE: Disconnected Relationship support in Connect WebSocket processor in Nifi
Yes I can . -Original Message- From: Otto Fowler Sent: Friday, August 30, 2019 5:40 PM To: dev@nifi.apache.org Subject: Re: Disconnected Relationship support in Connect WebSocket processor in Nifi Can you create a jira? On August 30, 2019 at 02:44:04, Ganesh, B (Nokia - IN/Bangalore) ( b.gan...@nokia.com) wrote: Hi , We are using Connect WebSocket processor to connect to a WebSocket server. As part of the requirement, when the WebSocket server closes the connection, we need to do retry mechanism. Current connect WebSocket processor does not have disconnected relationship that indicates jetty @OnWebSocketClose callback. This is required, so that in case of the disconnected relationship we can do the retry mechanism. * In case where the server side is shutdown gracefully we don't want to retry. * server does close call on the client side will get a call back @OnWebSocketClose * but if it is network connection error or server got killed client side will get @ Onerror . Considering above requirement I think WebSocket "disconnected " relationship support is required in Nifi . Thanks & Regards, Ganesh.B 9900355223
Disconnected Relationship support in Connect WebSocket processor in Nifi
Hi , We are using Connect WebSocket processor to connect to a WebSocket server. As part of the requirement, when the WebSocket server closes the connection, we need to do retry mechanism. Current connect WebSocket processor does not have disconnected relationship that indicates jetty @OnWebSocketClose callback. This is required, so that in case of the disconnected relationship we can do the retry mechanism. * In case where the server side is shutdown gracefully we don't want to retry. * server does close call on the client side will get a call back @OnWebSocketClose * but if it is network connection error or server got killed client side will get @ Onerror . Considering above requirement I think WebSocket "disconnected " relationship support is required in Nifi . Thanks & Regards, Ganesh.B 9900355223
